Amazon Web Services (AWS) is offering a variety of new connectivity options for enterprise customers to access distributed cloud resources.
The new options -- unveiled at the vendor's re:Invent conference -- are designed to give businesses new network options and build more secure access to on-premises and other cloud applications.
A new network offering called AWS Cloud WAN is a managed service that promises to make it easier to build, manage, and monitor global traffic across a wide area network that spans multiple locations and networks -- eliminating the need to configure and manage the different networks individually using different technologies.
Network teams have the option to use simple network policies to specify the Amazon virtual private clouds and on-premises locations they want to connect through AWS VPN, AWS Transit Gateway, or third-party SD-WAN products. The AWS Cloud WAN service generates a view of the network to monitor health, security, and performance, AWS stated.
“Teams can also use network policies to automate routine network-management tasks like adding new sites or branch locations, isolating traffic between sensitive applications or locations, segmenting groups of networks to make it easier to manage network isolation between AWS and on-premises environments, or enabling specialised network or security services,” AWS stated.
For example, customers could increase their security posture by creating a policy that ensures that any network traffic from their branch locations must be routed through a network firewall before reaching their cloud resources, AWS stated.
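As an added illustration (not AWS's or the article's own configuration), the following Cloud WAN core network policy document expresses the branch-to-firewall rule just described: branch attachments land in an isolated `branch` segment, the inspection VPC's attachment lives in an `inspection` segment that is shared with `production`, and static routes force branch-originated traffic through the firewall attachment before it can reach production VPCs. The regions, segment names, CIDR blocks, the `segment` tag key and the attachment ID `attachment-0123456789abcdef0` are placeholders chosen for this example.

```json
{
  "version": "2021.12",
  "core-network-configuration": {
    "vpn-ecmp-support": true,
    "asn-ranges": ["64512-65534"],
    "edge-locations": [
      { "location": "us-east-1" },
      { "location": "eu-west-1" }
    ]
  },
  "segments": [
    {
      "name": "branch",
      "description": "Branch and SD-WAN attachments; isolated so branches cannot reach each other or any VPC directly",
      "isolate-attachments": true,
      "require-attachment-acceptance": true
    },
    {
      "name": "inspection",
      "description": "VPC that hosts the network firewall (placeholder attachment attachment-0123456789abcdef0)",
      "require-attachment-acceptance": true
    },
    {
      "name": "production",
      "description": "Application VPCs that branches may only reach after inspection",
      "require-attachment-acceptance": true
    }
  ],
  "segment-actions": [
    {
      "action": "create-route",
      "segment": "branch",
      "destination-cidr-blocks": ["0.0.0.0/0"],
      "destinations": ["attachment-0123456789abcdef0"]
    },
    {
      "action": "create-route",
      "segment": "production",
      "destination-cidr-blocks": ["10.0.0.0/8"],
      "destinations": ["attachment-0123456789abcdef0"]
    },
    {
      "action": "share",
      "mode": "attachment-route",
      "segment": "inspection",
      "share-with": ["production"]
    }
  ],
  "attachment-policies": [
    {
      "rule-number": 100,
      "condition-logic": "or",
      "conditions": [
        { "type": "tag-value", "operator": "equals", "key": "segment", "value": "branch" }
      ],
      "action": { "association-method": "constant", "segment": "branch" }
    },
    {
      "rule-number": 200,
      "condition-logic": "or",
      "conditions": [
        { "type": "tag-value", "operator": "equals", "key": "segment", "value": "inspection" }
      ],
      "action": { "association-method": "constant", "segment": "inspection" }
    },
    {
      "rule-number": 300,
      "condition-logic": "or",
      "conditions": [
        { "type": "tag-value", "operator": "equals", "key": "segment", "value": "production" }
      ],
      "action": { "association-method": "constant", "segment": "production" }
    }
  ]
}
```

How it fits together: the first `create-route` gives the `branch` segment a default route whose only next hop is the firewall attachment, and `isolate-attachments` removes the branch-to-branch and branch-to-VPC paths that would otherwise bypass it. The second `create-route` sends production's return traffic for the branch address space (here assumed to be 10.0.0.0/8) back through the same firewall, so both directions of a flow are inspected. The `share` action lets the inspection and production segments exchange their attachment routes, which is what allows the firewall to forward inspected traffic onward. The firewall VPC's own route tables must still point branch and production prefixes at the core network; that part is VPC configuration rather than policy and is not shown here. `require-attachment-acceptance` means a newly tagged attachment does not join a segment until an administrator accepts it, which is the check a practitioner would want before a mis-tagged VPC silently lands in `production`.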
The new service also integrates with AWS networking vendors including Hewlett Packard Enterprise / Aruba, Cisco, Palo Alto Networks, and VMware -- letting customers use and manage products and services from these providers.
In Aruba’s case, the company said customers can extend policy-based network segmentation from the branch edge -- which spans campus, branch, micro-branch, and remote worker -- into the AWS global network.
“Aruba SD-WAN integration with AWS Cloud WAN is enabled through Aruba Orchestrator and Aruba Central, making it easy to deploy, manage, and operate sophisticated WAN networks over AWS. Aruba Orchestrator now also supports automated ‘one-click’ deployment of EdgeConnect SD-WAN instances directly into AWS VPCs,” Aruba stated.
Specific to Cisco, the service will work with SD-WANs using its vManage and Meraki software.
Customers can get secure site-to-site connectivity through Cisco SD-WAN with the AWS global backbone as a highly reliable and cost-effective underlay, wrote Chris Stori, senior vice president and general manager for Cisco’s Networking Experiences team, in a blog post.
Customers can automate and simplify the provisioning process through their choice of platform, whether Cisco vManage or Cisco Meraki, and define a multi-region, segmented, dynamically routed network with an intent-driven policy in just a few clicks, Stori wrote.
On the VMware side, with VMware SD-WAN, enterprises can extend the segmentation they use in their data centre to remote branch sites by using the segmentation capabilities built into VMware SD-WAN Edges, the company stated in a blog.
“When enterprises transition to the cloud, they can extend that same network segmentation to their cloud workloads,” VMware stated. “With AWS Cloud WAN, customers can further extend the segmentation from their VMware SD-WAN fabric to their network on the AWS Cloud. This allows enterprises to ensure traffic isolation and data security end-to-end.”
Another new connectivity offering, AWS Direct Connect SiteLink, lets AWS users connect data centres or branch offices to each other over AWS’ backbone network.
SiteLink connects sites through Direct Connect locations without sending traffic through an AWS Region. AWS has 108 Direct Connect locations available in 32 countries.
The service supports traffic flows of 50 Mbps to 100 Gbps from one Direct Connect location to another, following the shortest available path. Customers no longer need to connect through the closest AWS Region, or to manage and configure an AWS Transit Gateway, for site-to-site network connectivity, AWS stated.
“Until today, when you needed direct connectivity between your data centres or branch offices, you had to rely on public internet or expensive and hard-to-deploy fixed networks,” AWS stated. “These are geographically constrained and can be tied to long-term contracts.
“This rigidity becomes a pain point as you expand your businesses globally. In turn, you’re required to create custom workarounds to interconnect networks from different providers, which increases your operating costs.”
SiteLink supports other AWS services, letting customers reach VPCs, other AWS services, and on-premises networks from the Direct Connect connections.
AWS also introduced the ability for its Transit Gateway customers to directly route traffic between different Transit Gateways in the same AWS Region.
AWS Transit Gateway lets customers tie cloud-based resources back to data centres, remote office workers or other distributed access points as needed. Thirteen networking vendors including Cisco, Aruba, Arista, Fortinet, Palo Alto, and Versa announced support for the technology when it was introduced in 2018.
Intra-region peering simplifies routing and interconnectivity between VPCs and on-premises networks that are serviced and managed via separate Transit Gateways, AWS stated. This feature provides the flexibility to deploy multiple Transit Gateways with separate administrative domains, while providing an easy way to interconnect them natively.
“Using intra-region peering, you can build flexible network topologies and easily integrate your network with a third-party or partner managed network in the same AWS Region. If you are already familiar with Transit Gateway inter-region peering, it works exactly the same way except that the peered Transit Gateways are in the same AWS Region,” AWS stated.
AWS partner VMware said the Transit Gateway provides high-bandwidth, resilient connectivity to VMware software-defined data centres (SDDCs) in an SDDC Group.
“With this enhancement, VMware Cloud on AWS customers will be able to peer their VMware Transit Connect with AWS Transit Gateway (TGW) in the same AWS region,” Sonali Desai, product line marketing manager, wrote in a blog post about the announcement.
“This will help customers establish high bandwidth connectivity between their VMware Cloud on AWS SDDC Group and AWS Transit Gateway (TGW), enabling access to VPC resources at scale without the need for a Transit VPC,” Desai stated.
“This further simplifies access between VMware Cloud on AWS VPC resources and AWS VPC resources, while retaining control over connectivity in the respective environments.”